Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Running Untrusted Code in Node
Search
Dave Wasmer
February 25, 2014
Technology
0
310
Running Untrusted Code in Node
Running untrusted code in Node in a safe mode while handling the lode.
Dave Wasmer
February 25, 2014
Tweet
Share
More Decks by Dave Wasmer
See All by Dave Wasmer
The Future is Now: Ember in 2018
davewasmer
0
90
UX Mental Models
davewasmer
4
470
Enterprise and Mobile Web
davewasmer
0
77
Kinvey @ PhoneGap Day US
davewasmer
1
160
Other Decks in Technology
See All in Technology
Dapr For Java Developers SouJava 25
salaboy
1
120
ソフトウェア開発現代史: なぜ日本のソフトウェア開発は「滝」なのか?製造業の成功体験とのギャップ #jassttokyo
takabow
2
550
セマンティックレイヤー入門
ikkimiyazaki
7
2.3k
BCMathを高速化した一部始終をC言語でガチ目に解説する / BCMath performance improvement explanation
sakitakamachi
2
680
職種に名前が付く、ということ/The fact that a job title has a name
bitkey
1
200
AWS のポリシー言語 Cedar を活用した高速かつスケーラブルな認可技術の探求 #phperkaigi / PHPerKaigi 2025
ytaka23
7
1.4k
お問い合わせ対応の改善取り組みとその進め方
masartz
0
140
AIエージェント完全に理解した
segavvy
4
210
モンテカルロ木探索のパフォーマンスを予測する Kaggleコンペ解説 〜生成AIによる未知のゲーム生成〜
rist
3
820
17年のQA経験が導いたスクラムマスターへの道 / 17 Years in QA to Scrum Master
toma_sm
0
180
AIが変えるソフトウェア開発__未来のアジャイルチームとは__.pdf
buchirei
0
360
みんなで育てるNewsPicksのSLO
troter
4
1k
Featured
See All Featured
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
12
1.4k
A Tale of Four Properties
chriscoyier
158
23k
Product Roadmaps are Hard
iamctodd
PRO
52
11k
Gamification - CAS2011
davidbonilla
80
5.2k
How GitHub (no longer) Works
holman
314
140k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
60k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.2k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
21k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
102
18k
Building Your Own Lightsaber
phodgson
104
6.3k
Transcript
Running untrusted code in Node in a safe mode while
handling the lode
lode?
Dave Wasmer @davewasmer Developer @ Kinvey yep, this slide …
Kinvey Backend as a service … and this one.
What goes into backend as a service?
None
Lots o’ stuff • Data storage • User management •
Twitter, Facebook, G+, LinkedIn • OAuth, LDAP, Active Directory • File storage • don’t forget CDN delivery • Push notifications • Emails • 3rd Party API Integration • Analytics • a whole lot more ..
What if CRUD ain’t enough?
enter: Business Logic!
Run your code on our servers
Custom JavaScript execution?!
eval(customerCode); // Genius, mirite? NO!
The Problem We needed a safe, scalable way to run
arbitrary (possibly malicious) JavaScript on our servers.
Safety • Can’t allow access to: • filesystem • shared
memory • Kinvey internals • State is evil!
Scalablity • Needs to scale horizontally • i.e. spin up
new instances on-demand • automatically add to resource pool • Optimize for usage • not running huge computations - short, frequent bursts of activity • 2x per API request is possible!
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability Work Master Child Child Child Child
Safety Concerns • How to run arbitrary JS code? •
Three issues • System access (filesystem, network, etc) • Application access (application state, data, etc) • Stupidity / DoS (while (true), forgot to signal async completed)
System access • Filesystem • Severely limited or none •
Network • Partially limited
Our solution to system access ! // Setting things up
! try { script = vm.createScript(codeAsStr); } catch (e) { // syntax error! } ! sandbox = generateNewSandbox()
generateNewSandbox = function(){ ! var sandbox = {}; sandbox.complete =
function(){ runNextTask(); }; sandbox.whateverYouWant = function(){ ... } return sandbox; ! } Our solution to system access
! // Running the untrusted script try { script.runInNewContext(sandbox) }
catch (e) { // e will be any immediate (synchronous) // runtime errors } Our solution to system access
Application access • Data • Permissions
Our solution to application access ! // inside generateNewSandbox() !
sandbox.db = { find: function(query, callback) { // do db stuff callback(null, result) // <- Careful! }, ... }
Stupidity / DoS • while (true) {} // single-threaded ftw!
• function onPreSave(req, res, modules) { doSomeAsyncStuff() } // kthxbai • function doSomeAsyncStuff() { setTimeout(function(){ throw new Error() }, 100000); // muhahaha }
Our solution to stupidity / DoS Work Master Child Child
Child Child
Our solution to stupidity / DoS Work Master Child Child
Child Child
Our solution to stupidity / DoS ! // For handling
callback errors process.on(‘uncaughtException’, function(){ // handle it here });
Wrap-up